hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
Black_hat
Apr 8 2004, 10:03 PM
QUOTE

Kerio Personal Firewall 4.0.13 - Remote DoS (Crash)
 
04/08/2004

#########################################
Application: Kerio Personal Firewall

Vendors: http://www.kerio.com

Version: 4.0.13

Platforms: Windows

Bug: GUI Crash(D.O.S)

Risk: Medium

Exploitation: Remote with browser

Date: 7 Apr 2004

Author: Emmanouel Kellinis

e-mail: me@cipher(dot)org(dot)uk

web: http://www.cipher.org.uk

List : BugTraq(SecurityFocus)

#########################################


=======

Product

=======

Kerio Personal Firewall (KPF) helps users control how their computers exchange data with other computers on the Internet or local network.

===

Bug

===

Kerio Personal Firewall takes urls using a tool called web-filter and returns the requested content to any browser , web filter helps to block adds , popus and any malicious act comes from web pages. If you pass arbitrary values with the url Kerio's GUI crashes immediately and if you repedetely pass arbitrary URLs Kerio will crash completely.

=====================

Proof Of Concept Code

=====================

If a URL contains  HexValue(%13%12%13) Kerio Firewall v4.0.13 Crashes because it can't process the given characters.

http://www.cipher.org.uk/index.php?p= cipher/front.cipher

Kerio can crash remotely , using url redirection or IFRAME without user's acceptance and can cause DoS Immediately.

To avoid this problem you shoud disable Web Filtering until an update

NOTE: This bug can probably be valid in Version as well 4.0.14 since the Release History there is nothing mentioned about that

http://www.kerio.com/us/kpf_releasehistory.html

http://www.cipher.org.uk/index.php?p=ciphe...visories.cipher

ph34r.gif
Black_Hat
flame
Apr 11 2004, 08:10 PM
nice catch - how about the old kerio 2.1.5 ? does it has any exploits ?
ohmy.gif
T3cHn0b0y
Apr 12 2004, 09:08 PM
Not the most serious vulnerability in the world but...none-the-less, Kerio's programmers shouldn't be missing these things! Do they even bother testing their software before marketing?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.